Cleartext Transmission of Sensitive Information Affecting python3-perf package, versions *


Severity

Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.09% (42nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-RHEL8-PYTHON3PERF-1729786
  • published8 Oct 2021
  • disclosed5 Aug 2020

Introduced: 5 Aug 2020

CVE-2020-3702  (opens in a new tab)
CWE-319  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:8 python3-perf.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-perf package and not the python3-perf package as distributed by RHEL. See How to fix? for RHEL:8 relevant fixed versions and status.

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

CVSS Scores

version 3.1